From SRS0=pvJzLaBV=KZ=asarian-host.net=root@asarian-host.net  Tue Aug  3 19:11:45 2004
Return-Path: <SRS0=pvJzLaBV=KZ=asarian-host.net=root@asarian-host.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C958016A4CE
	for <freebsd-gnats-submit@freebsd.org>; Tue,  3 Aug 2004 19:11:45 +0000 (GMT)
Received: from mail.asarian-host.net (mail.asarian-host.net [194.109.160.70])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 13DE243D3F
	for <freebsd-gnats-submit@freebsd.org>; Tue,  3 Aug 2004 19:11:45 +0000 (GMT)
	(envelope-from SRS0=pvJzLaBV=KZ=asarian-host.net=root@asarian-host.net)
Received: (from root@localhost)
	by mail.asarian-host.net (8.13.0/8.13.0) id i73JBh0m044730
	for freebsd-gnats-submit@freebsd.org; Tue, 3 Aug 2004 21:11:43 +0200 (CEST)
	(envelope-from root@asarian-host.net)
Message-Id: <200408031911.I73JBH5M044723@asarian-host.net>
Date: Tue, 03 Aug 2004 19:11:43 GMT
From: System Administrator <root@asarian-host.net>
Reply-To: root@asarian-host.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: ipfw: install_state warning about already existing entry
Comments: To protect the identity of the sender, certain header
	fields are either not shown, or masked. Anonymous email
	accounts can be requested by filling in the appropriate
	form at: https://asarian-host.net/cgi-bin/signup.cgi
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         69963
>Category:       kern
>Synopsis:       [ipfw] install_state warning about already existing entry
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 03 19:20:20 GMT 2004
>Closed-Date:    Wed Jun 08 05:00:56 UTC 2011
>Last-Modified:  Wed Jun  8 05:10:10 UTC 2011
>Originator:     Superuser
>Release:        FreeBSD 4.9-RELEASE-p3 i386
>Organization:
Asarian-host.net
>Environment:
System: FreeBSD asarian-host.net 4.9-RELEASE-p3 FreeBSD 4.9-RELEASE-p3 #2: Mon Aug 2 16:44:12 CEST 2004 root@asarian-host.net:/klad/obj/klad/src/sys/ASARIAN-HOST i386

>Description:

I installed the following ipfw2 rules (see below). The goal is simple: I want to limit connections to port 25 to 32 in total, targeted at "me". And of those 32, only 4 per source. Like so:

ipfw add 1 check-state
...
ipfw add 11 skipto 12 tcp from any to me 25 setup limit dst-addr 32
ipfw add 12 allow tcp from any to me 25 setup limit src-addr 4

Doing so, causes the console to be flooded with messages like these:

    "ipfw: install_state: entry already present, done"

It is this code in ip_fw2.c and ip_fw.c that prints the message:

 q = lookup_dyn_rule(&args->f_id, NULL, NULL);
 if (q != NULL) { /* should never occur */
  if (last_log != time_second) {
   last_log = time_second;
   printf("ipfw: install_state: entry already present, done\n");
  }
  return 0;
 }

>How-To-Repeat:
	every time the rules in question hit
>Fix:

Since this seems to be a non-critical error (as it is just a matter of ignoring an already existing rule),
I commented out the line that does the printf, so as to avoid the repeated warnings. Needless to say,
this is not at all a real solution. In fact, it is no solution at all, just a suppressant.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Aug 31 00:35:26 GMT 2004 
Responsible-Changed-Why:  
Over to mailing list. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=69963 
State-Changed-From-To: open->patched 
State-Changed-By: ae 
State-Changed-When: Wed Jun 1 12:08:40 UTC 2011 
State-Changed-Why:  
Patched in head/. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=69963 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/69963: commit references a PR
Date: Wed,  1 Jun 2011 12:05:49 +0000 (UTC)

 Author: ae
 Date: Wed Jun  1 12:05:35 2011
 New Revision: 222559
 URL: http://svn.freebsd.org/changeset/base/222559
 
 Log:
   Hide useless warning under debug macro.
   
   PR:		kern/69963
   MFC after:	1 week
 
 Modified:
   head/sys/netinet/ipfw/ip_fw_dynamic.c
 
 Modified: head/sys/netinet/ipfw/ip_fw_dynamic.c
 ==============================================================================
 --- head/sys/netinet/ipfw/ip_fw_dynamic.c	Wed Jun  1 10:23:03 2011	(r222558)
 +++ head/sys/netinet/ipfw/ip_fw_dynamic.c	Wed Jun  1 12:05:35 2011	(r222559)
 @@ -753,11 +753,12 @@ ipfw_install_state(struct ip_fw *rule, i
  	q = lookup_dyn_rule_locked(&args->f_id, NULL, NULL);
  
  	if (q != NULL) {	/* should never occur */
 +		DEB(
  		if (last_log != time_uptime) {
  			last_log = time_uptime;
  			printf("ipfw: %s: entry already present, done\n",
  			    __func__);
 -		}
 +		})
  		IPFW_DYN_UNLOCK();
  		return (0);
  	}
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: ae 
State-Changed-When: Wed Jun 8 05:00:11 UTC 2011 
State-Changed-Why:  
Merged to stable/8 and stable/7. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=69963 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/69963: commit references a PR
Date: Wed,  8 Jun 2011 04:50:41 +0000 (UTC)

 Author: ae
 Date: Wed Jun  8 04:50:23 2011
 New Revision: 222849
 URL: http://svn.freebsd.org/changeset/base/222849
 
 Log:
   MFC r222559:
     Hide useless warning under debug macro.
   
     PR:		kern/69963, kern/139226
 
 Modified:
   stable/8/sys/netinet/ipfw/ip_fw_dynamic.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sys/netinet/ipfw/ip_fw_dynamic.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_fw_dynamic.c	Wed Jun  8 04:06:56 2011	(r222848)
 +++ stable/8/sys/netinet/ipfw/ip_fw_dynamic.c	Wed Jun  8 04:50:23 2011	(r222849)
 @@ -753,11 +753,12 @@ ipfw_install_state(struct ip_fw *rule, i
  	q = lookup_dyn_rule_locked(&args->f_id, NULL, NULL);
  
  	if (q != NULL) {	/* should never occur */
 +		DEB(
  		if (last_log != time_uptime) {
  			last_log = time_uptime;
  			printf("ipfw: %s: entry already present, done\n",
  			    __func__);
 -		}
 +		})
  		IPFW_DYN_UNLOCK();
  		return (0);
  	}
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/69963: commit references a PR
Date: Wed,  8 Jun 2011 04:54:40 +0000 (UTC)

 Author: ae
 Date: Wed Jun  8 04:54:22 2011
 New Revision: 222850
 URL: http://svn.freebsd.org/changeset/base/222850
 
 Log:
   MFC r222559:
     Hide useless warning under debug macro.
   
     PR:           kern/69963, kern/139226
   
     This is direct commit to stable/7.
 
 Modified:
   stable/7/sys/netinet/ip_fw2.c
 Directory Properties:
   stable/7/sys/   (props changed)
   stable/7/sys/cddl/contrib/opensolaris/   (props changed)
   stable/7/sys/contrib/dev/acpica/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
 
 Modified: stable/7/sys/netinet/ip_fw2.c
 ==============================================================================
 --- stable/7/sys/netinet/ip_fw2.c	Wed Jun  8 04:50:23 2011	(r222849)
 +++ stable/7/sys/netinet/ip_fw2.c	Wed Jun  8 04:54:22 2011	(r222850)
 @@ -1460,11 +1460,12 @@ install_state(struct ip_fw *rule, ipfw_i
  	q = lookup_dyn_rule_locked(&args->f_id, NULL, NULL);
  
  	if (q != NULL) {	/* should never occur */
 +		DEB(
  		if (last_log != time_uptime) {
  			last_log = time_uptime;
  			printf("ipfw: %s: entry already present, done\n",
  			    __func__);
 -		}
 +		})
  		IPFW_DYN_UNLOCK();
  		return (0);
  	}
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
